Slashdot Mirror


Microsoft Bounty Program Offers Larger Rewards For Bug Hunters (betanews.com)

Microsoft, which already offers one of the biggest bug bounty programs, said today it is increasing the payouts it makes and the time it takes to push the payments. From a report: A key change in policy is that Microsoft will no longer wait until a fix has been produced for a bug until making a payout -- now the only requirement is that a bug can be reproduced. This is thanks in part to a partnership with HackerOne. [...] The maximum bounty has increased from $15,000 to $50,000 for the Windows Insider Preview bounty and from $15K to $20K for the Microsoft Cloud Bounty.

18 comments

  1. Nice and all by DarkRookie2 · · Score: 1

    M$ is a 12 figure company.
    You would think they would have enough for a QA person or 2.
    But then again, M$ consumers have always been beta testers unwilling.

    --
    http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie
    1. Re:Nice and all by antdude · · Score: 1

      It's not just M$. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  2. Here's some money ... by CaptainDork · · Score: 1

    ... please work on fixing the stuff my engineers don't even know about but delivered anyway.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re: Here's some money ... by Anonymous Coward · · Score: 0

      Ooooo nice headline. No thanks

  3. Isn't that illegal? by gurps_npc · · Score: 1

    I am pretty sure you can't offer a reward for catching a bug hunter. Not unless they have committed a crime.

    I know that software companies assume all bug hunters are actually criminals, but you still have to prove they used the bugs to commit a crime, you can't just offer a reward for catching a bug hunter.

    Yeah, I know some of you are thinking the poster meant to write a reward TO bug hunters, but we are talking about major tech companies here, not people known for actually caring about the bugs in their products.

    --
    excitingthingstodo.blogspot.com
    1. Re: Isn't that illegal? by Anonymous Coward · · Score: 0

      When you feel the need to ask that question, the person you are asking most likely isn't intelligent enough to give you a coherent response.

    2. Re: Isn't that illegal? by gurps_npc · · Score: 1

      Or he was making a joke and you did not get it. A sure sign of this is the questioning of their intelligence.

      --
      excitingthingstodo.blogspot.com
    3. Re: Isn't that illegal? by gurps_npc · · Score: 1

      Some simple advice - when you ask "what the @#$", you should consider "Is this person making an obtuse joke or is he serious?"

      --
      excitingthingstodo.blogspot.com
    4. Re: Isn't that illegal? by Anonymous Coward · · Score: 0

      you would have to be an utter moron to find anything about that post amusing

    5. Re: Isn't that illegal? by Anonymous Coward · · Score: 0

      Huh, by talking about yourself in the third person, you proved the comment about not being smart enough to give a coherent response.

      Moron.

  4. Perhaps a typo by opentunings · · Score: 1

    " it is increasing the payouts it makes and the time it takes to push the payments."

    Probably more accurate to say "increasing the payouts and DECREASING the time it takes to push the payments."

  5. Steve Ballmer by Anonymous Coward · · Score: 0

    If he was still steering this ship, you'd get sued instead of getting paid.

  6. More like shut up and take my money! by Anonymous Coward · · Score: 0

    Someone do the public a favor and post what the NDA states to receive said money.

  7. Am I the only one who remembers... by 3seas · · Score: 1

    ...when MS would charge you to report a bug?

  8. Dear $Corporation by nehumanuscrede · · Score: 1

    If you want folks to participate in your bug bounty programs, you need to keep a simple fact in mind.
    Your bounties MUST pay out more than what a found exploit can be sold for on the open market.

    It is really that simple.

    Why would I divulge an exploit to $Corporation for a $10k prize, if I could sell it to multiple third parties for $100k each ?

    You will be going up against folks with very deep pockets: Intelligence Agencies, Governments and Hacking Groups freelancing for either ( or both ).

    So, quit being cheap. Start paying out what those bugs are truly worth.

    THEN ( and only then ) you'll see far more interest in your bounty programs.

    1. Re:Dear $Corporation by Anonymous Coward · · Score: 0

      You can buy a gun for $1000 and use it to rob a bank of $1 million. Doesn't mean the gun is worth $1 million.

      The value of a bug is not the same as the monetary harm it can be used to cause - which is what the price on the black market reflects.

      But then, you're a dummy so you probably won't understand it, and you have zero chance of actually finding any bug in any product anyway.....

  9. You've created an underground stock market. by Anonymous Coward · · Score: 0

    You've created an underground stock market.

    Should be illegal as fuck.